OAuth2 does not work with imap.gmail.com after upgrade

RESOLVED FIXED in Thunderbird 41.0

Status

MailNews Core
Networking
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Asbjørn Heid, Assigned: rkent)

Tracking

Thunderbird 41.0
Dependency tree / graph

Thunderbird Tracking Flags

(thunderbird39 wontfix, thunderbird40 fixed, thunderbird41 fixed, thunderbird_esr3839+ fixed, seamonkey2.35 fixed)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59

Steps to reproduce:

Upgraded to version 38.0.1. Switched existing gmail IMAP account from "Normal password" to "OAuth2".


Actual results:

Thunderbird showed an error claiming "The IMAP server my.account@gmail.com does not support the selected authentication method".


Expected results:

It should have shown the OAuth2 login dialog.
(Reporter)

Comment 1

2 years ago
I tried switching the IMAP server from imap.go
Summary: OAuth2 does not work with imap.google.com after upgrade → OAuth2 does not work with imap.gmail.com after upgrade
(Reporter)

Comment 2

2 years ago
Lets try again, fancy web 2.0 form posted when I clicked elsewhere...

I tried switching the IMAP server from imap.gmail.com to imap.googlemail.com. Then I got the OAuth2 dialog. Confusingly, I then switched back to imap.gmail.com, and the OAuth2 dialog showed there too. I now cannot reproduce the original issue, even after restarting Thunderbird.

Before I did the switch I could consistently reproduce the original error (authentication method failure) by switching from "Normal password" to "OAuth2", even across restarts.
(Assignee)

Comment 3

2 years ago
Because there is no dynamic registration for OAuth2 settings with Gmail, we (reluctantly) implemented this by adding the required GMail OAuth2 setup information directly in the Thunderbird code. For this to work, we had to have some method of determining what was, in fact, a GMail address that expected to use GMail OAuth2 settings.

The method that we chose, which duplicates the previous automatic configuration of GMail accounts within Thunderbird, is to key off of the server url. This is in the file http://mxr.mozilla.org/comm-central/source/mailnews/base/util/OAuth2Providers.jsm

So I would not expect imap.gmail.com to work.

I had a hard time actually finding google references that mention server URLs. I did see one university that recommended imap.gmail.com

Perhaps we need to add other server names? Can you find a reference that gives a list of valid server names?
(Assignee)

Comment 4

2 years ago
It's clear that imap.gmail.com and smtp.gmail.com are commonly recommended urls, so we should support those as well.
Assignee: nobody → rkent
Status: UNCONFIRMED → ASSIGNED
tracking-thunderbird_esr38: --- → +
Ever confirmed: true
(Assignee)

Comment 5

2 years ago
Created attachment 8625391 [details] [diff] [review]
add gmail.com

This should be all that is needed. I have not tested this, it would be good to do that Joshua if you could.
Attachment #8625391 - Flags: review?(Pidgeot18)
(Reporter)

Comment 6

2 years ago
Thanks for the follow-up. I must admit I haven't plowed through Google's documentation, but searches repeatedly turned up https://developers.google.com/gmail/oauth_overview which only lists the imap.gmail.com and smtp.gmail.com servers.
Are we certain that googlemail.com and gmail.com is the full and complete list for all countries?
(I'm not saying there are more, I just don't know, and didn't find a solid reference document)

Asbjørn, thanks for filing this bug report.
Blocks: 1155491
status-thunderbird39: --- → affected
status-thunderbird40: --- → affected
status-thunderbird41: --- → affected
status-thunderbird_esr38: --- → affected
Component: Untriaged → Networking
Product: Thunderbird → MailNews Core
(Reporter)

Comment 8

2 years ago
FWIW as a user I'd prefer an advanced setting for the OAuth2 authentication, where I could select the "provider" (ie Google in this case). 

By default this would be initialized based on the server name like now, but it would at least allow me to override it in the future (in case Google changes server names or whatever).
(Reporter)

Comment 9

2 years ago
Thanks Wayne.

I'm not sure I understand the URL page you linked this issue to though. I originally asked here: https://support.mozilla.org/en-US/questions/1068409

Comment 10

2 years ago
Way back when Gmail first appeared in Beta googlemail was the mail server name.  All Gmail documentation I have seen since it left beta has refered to gmail as the server names.

Now I know why I have been unable to test this. I have been using gmail.com server names and getting the not supported error.

Comment 11

2 years ago
Comment on attachment 8625391 [details] [diff] [review]
add gmail.com

Review of attachment 8625391 [details] [diff] [review]:
-----------------------------------------------------------------

Stealing this. I tested this and it works fine. r=mkmelin
Attachment #8625391 - Flags: review?(Pidgeot18) → review+

Comment 12

2 years ago
https://hg.mozilla.org/comm-central/rev/23d2b24151c4 -> FIXED
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-thunderbird41: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 41.0

Comment 13

2 years ago
Came to mind though, should the http://mail.google.com/ scope be https instead?
(Reporter)

Comment 14

2 years ago
(In reply to Magnus Melin from comment #13)
> Came to mind though, should the http://mail.google.com/ scope be https
> instead?

As per Google documentation[1], yes it should.

[1]: https://developers.google.com/gmail/xoauth2_protocol#oauth_20_scopes
(Assignee)

Updated

2 years ago
Blocks: 1178413
(Assignee)

Comment 15

2 years ago
Comment on attachment 8625391 [details] [diff] [review]
add gmail.com

[Triage Comment]
Attachment #8625391 - Flags: approval-comm-esr38+
Attachment #8625391 - Flags: approval-comm-beta+
Attachment #8625391 - Flags: approval-comm-aurora+
(Assignee)

Comment 16

2 years ago
http://hg.mozilla.org/releases/comm-beta/rev/690b3a6f116c
https://hg.mozilla.org/releases/comm-esr38/rev/cf109c971a2e
status-thunderbird39: affected → wontfix
status-thunderbird40: affected → fixed
status-thunderbird_esr38: affected → fixed
tracking-thunderbird_esr38: + → 39+

Updated

2 years ago
Blocks: 1177041

Updated

2 years ago
Blocks: 1183198

Updated

2 years ago
status-seamonkey2.35: --- → fixed

Comment 17

2 years ago
Hi All,

Is there a way to manually download the OAuth2 token and attach it to my Thunderbird G-Mail account?

I don't use Pine anymore, however does G-Mail/OAuth2 work with Pine currently?

Also, please point me to the proper place for this and these types of comments, however bugzilla would be best.

Thank you.
(Assignee)

Comment 18

2 years ago
(In reply to logjamthis from comment #17)
> Hi All,
> 
> Is there a way to manually download the OAuth2 token and attach it to my
> Thunderbird G-Mail account?
> 
> I don't use Pine anymore, however does G-Mail/OAuth2 work with Pine
> currently?
> 
> Also, please point me to the proper place for this and these types of
> comments, however bugzilla would be best.
> 
> Thank you.

bugzilla is not intended as a support forum, though it often de facto turns out that was as we try to understand whether an issue is associated with a code change.

In answer to "Is there a way to manually download the OAuth2 token and attach it to my
 Thunderbird G-Mail account?" the answer is basically no. I have no idea about Pine, and this is not a good place to ask.

The correct place for questions that do not involve a possible flaw in Thunderbird code is support.mozilla.org

Comment 19

2 years ago
(In reply to Kent James (:rkent) from comment #18)

Thanks Kent and others, please see
http://support.mozilla.org/en-US/questions/1075788
You need to log in before you can comment on or make changes to this bug.